CentOS Linux 7 Kernel Update 3.10.0-123.4.4 Released

Resolved CVEs:

CVE-2014-4699
CVE-2014-4943

* It was found that the Linux kernel’s ptrace subsystem allowed a traced process’ instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-4699, Important)

Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.

* A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsockopt() functions in the Linux kernel’s PPP over L2TP implementation handled requests with a non-SOL_PPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-4943, Important)

Updating the Kernel

You can either initiate a full yum update:

yum update

Alternatively, just update the kernel packages:

yum update "kernel-*"
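To confirm a host is actually running the fixed build after the update and a reboot, the following check compares a kernel release string against 3.10.0-123.4.4. It is an added example, not part of the original post; the function names are hypothetical and the comparison is a simplified numeric one, not rpm's full version algorithm.

```sh
#!/bin/sh
# Fixed kernel build named in this announcement (CentOS 7, 3.10.0 series only).
FIXED="3.10.0-123.4.4"

# Print the leading numeric fields of a release string, space separated,
# e.g. "3.10.0-123.4.4.el7.x86_64" -> "3 10 0 123 4 4". Stops at "el7".
numeric_fields() (
    IFS='.-'; set -f; out=""
    for part in $1; do
        case "$part" in ''|*[!0-9]*) break ;; esac
        out="$out $part"
    done
    echo "${out# }"
)

# Succeed if release $1 >= release $2, comparing fields as integers.
# Assumption: a simplified comparison, not rpm's full version algorithm.
kernel_at_least() (
    a=$(numeric_fields "$1"); b=$(numeric_fields "$2")
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%% *}; y=${b%% *}            # next field; missing counts as 0
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
        case "$a" in *' '*) a=${a#* } ;; *) a="" ;; esac
        case "$b" in *' '*) b=${b#* } ;; *) b="" ;; esac
    done
    return 0
)

# Report on one release string; defaults to the running kernel (uname -r),
# which only changes after rebooting into the updated kernel.
check_kernel() {
    running=${1:-$(uname -r)}
    if kernel_at_least "$running" "$FIXED"; then
        echo "OK: $running is at or above $FIXED"
    else
        echo "NOT PATCHED: $running is below $FIXED (update, then reboot)"
        return 1
    fi
}

# Two constructed sample releases, then the kernel this host is running.
for r in 3.10.0-123.el7.x86_64 3.10.0-123.4.4.el7.x86_64 "$(uname -r)"; do
    check_kernel "$r" || true
done
```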

As this update has just been released, your preferred CentOS yum mirror may not have the update yet. In this case, you may need to wait a few hours for the update to become available. Cached repo data can also prevent new updates from being found. To clear your yum cache, run:


“CentOS Blog” (www.centosblog.com) is a community page, and is in no way affiliated or endorsed by RedHat or the CentOS Project.